Suspicious process running under
Yes I have read all similar forum threads with that keyword. Including
lfd on xxx.xxx: Suspicious process running under user dbus
lfd suspicious process /usr/bin/php
Suspicious entry in access log
Warning: Suspicious file types found in /dev?
but in my case it is pure tcp and looks like relates to WHM/Cpanel and/or sql?
Any ideas in what part of the system is the error located?
Command Line (often faked in exploits):
/opt/cpanel/ea-php56/root/usr/bin/php-cgi
Network connections by the process (if any):
tcp: 127.0.0.1:34535 -> 0.0.0.0:0
tcp: 127.0.0.1:33464 -> 127.0.0.1:3306
Files open by the process (if any):
/var/cpanel/locale/en.cdb
Note: it is CentOS7 and the latest stable WHM/Cpanel
-
/opt/cpanel/ea-php56/root/usr/bin/php-cgi
Hello, The path is valid, as it's utilized by the MultiPHP functionality offered in EasyApache 4. Port 3306 is utilized for MySQL. Thank you.0
Please sign in to leave a comment.
Comments
1 comment